CISM without enough experience

I recently passed the CISSP certification and endorsement process, and are now looking towards the next certification step.

I would like to work with security management, so the CISM CISA are interesting for me. Of course I've got the 5 years of experience in the it security field (since i passed the CISSP endorsement), but i don't have any management experience.

I guess i could take the exam anyways but i won't be able to get the certificate, and how good is it without anyway?

I've tried to find information at the isaca site regarding which experience that counts. Does it have to be full time professional management or can i try to find a volunteer job?

If i take the exam without any experience and without any prerequisites to starting getting some experience, i guess i only have 5 years to getting the necessary experience or i'll have to retake the exam?

Is it the same thing with the CISA?

Are there any other certs you could recommend me taking, that would bring me ind the management direction and that i can take without management experience?

I was also thinking of taking a diploma in leadership, to supply the management part of the job...

Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.Experience Substitutions
The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.

Two Years:

Certified Information Systems Auditor (CISA) in good standing

Certified Information Systems Security Professional (CISSP) in good standing

Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

Completion of an information security management program at an institution aligned with the Model Curriculum

The experience substitutions will not satisfy any portion of the three-year information security management work experience requirement.

Some of my coworkers hold the CISM cert, and they say it is more off-the-wall than the CISA (which has slightly different experience requirements.) And I say the CISA is, to put it quite delicately, bat-**** crazy and ridiculous and hairsplitting (I am currently sstudying for the exam in June.) I just can't see the benefit for me of pursuing the CISM, I value my sanity too much.

I would think that if you could pass the CISSP endorsement process, that you would not have any issue with the CISM/CISA work experience requirement.

Submit verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas. The work experience must be gained within the ten-year period preceding the application date for certification or within five years from the date of originally passing the exam.Experience Substitutions
The following security-related certifications and information systems management experience can be used to satisfy the indicated amount of information security work experience.

Two Years:

Certified Information Systems Auditor (CISA) in good standing

Certified Information Systems Security Professional (CISSP) in good standing

Post-graduate degree in information security or a related field (e.g., business administration, information systems, information assurance)

Completion of an information security management program at an institution aligned with the Model Curriculum

The experience substitutions will not satisfy any portion of the three-year information security management work experience requirement.

Some of my coworkers hold the CISM cert, and they say it is more off-the-wall than the CISA (which has slightly different experience requirements.) And I say the CISA is, to put it quite delicately, bat-**** crazy and ridiculous and hairsplitting (I am currently sstudying for the exam in June.) I just can't see the benefit for me of pursuing the CISM, I value my sanity too much.

I would think that if you could pass the CISSP endorsement process, that you would not have any issue with the CISM/CISA work experience requirement.

I have read that on the site, but maybe its because of my poor English, but i can't see if they require professional experience (full timed paid job) or volunteer jobs satisfy for management experience?

Well the CISSP domains that i have worked in is primely the technical ones (crypto, app security design, security architecture and design etc.) and they are quite different from the 5 domains in CISM, so i guess that i won't have any work experience?